From 15a649f949df2a70afb109ea64293dd7c9036e16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?=
Date: Fri, 13 Sep 2024 16:40:30 +0200
Subject: [PATCH] Backport NULL check to avoid a crash

Resolves: https://issues.redhat.com/browse/RHEL-58444
---
...-that-a-pointer-isn-t-NULL-before-us.patch | 40 +++++++++++++++++++
libX11.spec | 10 ++++-
2 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
diff --git a/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
new file mode 100644
index 0000000..d8c9fd7
--- /dev/null
+++ b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
@@ -0,0 +1,40 @@
+From 623b77d4f30b47258a40f89262e5aa5d25e95fa7 Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg
+Date: Mon, 14 Feb 2022 11:33:25 +0100
+Subject: [PATCH] imDefLkup: verify that a pointer isn't NULL before using it
+
+It is possible for _XimICOfXICID() to return NULL, so it is necessary
+to check this isn't actually the case before dereferencing the pointer.
+All other callers of _XimICOfXICID() do this check too.
+
+(The check itself is ugly, but it follows the style of the code in the
+rest of the module.)
+
+Fixes issue #45.
+
+Reported-by: Bhavi Dhingra
+
+Original-patch-by: Bhavi Dhingra
+
+Signed-off-by: Benno Schulenberg
+---
+ modules/im/ximcp/imDefLkup.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c
+index dea7f66d..dd1adf53 100644
+--- a/modules/im/ximcp/imDefLkup.c
++++ b/modules/im/ximcp/imDefLkup.c
+@@ -88,7 +88,8 @@ _XimSetEventMaskCallback(
+
+ if (imid == im->private.proto.imid) {
+ if (icid) {
+- ic = _XimICOfXICID(im, icid);
++ if (!(ic = _XimICOfXICID(im, icid)))
++ return False;
+ _XimProcICSetEventMask(ic, (XPointer)&buf_s[2]);
+ } else {
+ _XimProcIMSetEventMask(im, (XPointer)&buf_s[2]);
+--
+2.46.0
+
diff --git a/libX11.spec b/libX11.spec
index fefcf70..cb48da4 100644
--- a/libX11.spec
+++ b/libX11.spec
@@ -5,7 +5,7 @@ Summary: Core X11 protocol client library Name: libX11 Version: 1.6.8 -Release: 8%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} +Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} License: MIT Group: System Environment/Libraries URL: http://www.x.org
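Review bot: The new `return False;` in `_XimSetEventMaskCallback` (the imDefLkup.c change carried by the added patch file) has no comment saying what a False result means to the caller when the `icid` lookup fails. The hunk shows neither the function's other return statements nor the dispatcher that consumes the result, so it should be confirmed that a message naming an unknown `icid` is meant to be reported as not handled rather than consumed and dropped. A one-line comment on the check would record the intent, for example `/* no IC with this icid on this IM (lookup returned NULL): skip the event mask update */`. `icid` presumably comes from the same received buffer as `&buf_s[2]`, which would make the NULL case reachable from peer-supplied data, so a regression test for an unknown `icid` would be a useful addition if the module has a harness. The function body starts and ends outside the hunk.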
@@ -42,6 +42,9 @@ Patch12: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch # RHEL-23452 Patch13: 0001-Avoid-recursing-through-_XError-due-to-sequence-adju.patch +# https://issues.redhat.com/browse/RHEL-58444 +Patch14: 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch + BuildRequires: xorg-x11-util-macros >= 1.11 BuildRequires: pkgconfig(xproto) >= 7.0.15 BuildRequires: xorg-x11-xtrans-devel >= 1.0.3-4 @@ -93,6 +96,7 @@ libX11/libxcb interoperability library %patch11 -p1 -b .xcreatepixmap-trigger-badvalue-error-for-out-of-rang %patch12 -p1 -b .cve-2023-43787 %patch13 -p1 -b .rhel-23452 +%patch14 -p1 -b .rhel-58444 %build autoreconf -v --install --force @@ -157,6 +161,10 @@ make %{?_smp_mflags} check %{_mandir}/man5/*.5* %changelog +* Fri Sep 13 2024 José Expósito - 1.6.8-9 +- Backport NULL check to avoid a crash + Resolves: https://issues.redhat.com/browse/RHEL-58444 + * Tue Jan 30 2024 Olivier Fourdan - 1.6.8-8 - Backport fix for Xlib lockups due to recursive XError (RHEL-23452)